Fix for CVE-2022-2929

Resolves: #2132246
This commit is contained in:
Martin Osvald 2022-10-10 15:25:29 +02:00
parent e71e58f4fd
commit 7d55e5ead2
2 changed files with 27 additions and 0 deletions

25
CVE-2022-2929.patch Normal file
View File

@ -0,0 +1,25 @@
diff --git a/common/options.c b/common/options.c
index 40238f7..11b1961 100644
--- a/common/options.c
+++ b/common/options.c
@@ -454,16 +454,16 @@ int fqdn_universe_decode (struct option_state *options,
while (s < &bp -> data[0] + length + 2) {
len = *s;
if (len > 63) {
- log_info ("fancy bits in fqdn option");
- return 0;
+ log_info ("label length exceeds 63 in fqdn option");
+ goto bad;
}
if (len == 0) {
terminated = 1;
break;
}
if (s + len > &bp -> data [0] + length + 3) {
- log_info ("fqdn tag longer than buffer");
- return 0;
+ log_info ("fqdn label longer than buffer");
+ goto bad;
}
if (first_len == 0) {

View File

@ -65,6 +65,7 @@ Patch29: 0029-Use-system-getaddrinfo-for-dhcp.patch
Patch30: CVE-2021-25220.patch
Patch31: omshell-hmac-sha512-support.patch
Patch32: CVE-2022-2928.patch
Patch33: CVE-2022-2929.patch
BuildRequires: autoconf
@ -517,6 +518,7 @@ done
%changelog
* Mon Oct 10 2022 Martin Osvald <mosvald@redhat.com> - 12:4.4.2-18.b1
- Fix for CVE-2022-2928
- Fix for CVE-2022-2929
* Tue May 10 2022 Martin Osvald <mosvald@redhat.com> - 12:4.4.2-17.b1
- omshell: add support for hmac-sha512 algorithm (#2083553)